Lucene search
+L

899 matches found

CVE
CVE
added 2025/12/09 8:54 p.m.19 views

CVE-2023-53771

CVE-2023-53771 affects MiniDVBLinux 5.4. The vulnerability is an authentication bypass in the system-setup endpoint: remote attackers can craft POST requests with modified SYSTEM_PASSWORD to reset the root password. This is evidenced by multiple sources (Red Hat, EUVD, NVD, CVE lists) describing ...

9.8CVSS7AI score0.00881EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2025/12/09 6:30 p.m.6 views

EUVD-2025-201892

A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm...

6.8CVSS6.4AI score0.00259EPSS
Exploits0References2
OSV
OSV
added 2025/12/09 4:17 p.m.5 views

CVE-2025-41692

A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm...

6.8CVSS5.8AI score0.00259EPSS
Exploits0References1
NVD
NVD
added 2025/12/09 4:17 p.m.5 views

CVE-2025-41692

A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm...

6.8CVSS0.00259EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 8:12 a.m.15 views

CVE-2025-41692

CVE-2025-41692 describes a high-privilege remote attack against a webUI where an admin user can brute-force the underlying OS root and user passwords due to a weak password generation algorithm. Connected sources (Red Hat and NVD/NVD-derived entries) indicate potential downstream risks: separate ...

6.8CVSS6.2AI score0.00259EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/09 8:12 a.m.34 views

CVE-2025-41692 Weak/Predictable root Password

A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm...

6.8CVSS0.00259EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/09 8:12 a.m.3 views

CVE-2025-41692 Weak/Predictable root Password

A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm...

6.8CVSS6.6AI score0.00259EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.10 views

PT-2025-50268

Name of the Vulnerable Software and Affected Versions MiniDVBLinux version 5.4 Description The software contains a flaw that allows remote attackers to bypass authentication and modify the root password. This is achieved by sending specially crafted POST requests to the system setup endpoint,...

9.8CVSS7AI score0.00881EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.6 views

PT-2025-49811

A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm...

6.8CVSS6.9AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/05 12:9 a.m.18 views

CVE-2025-53963

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root account has a weak default password of ionadmin, and a password change policy for the root account is not enforced. Thus, an attacker with netwo...

9.8CVSS7.8AI score0.00403EPSS
Exploits0References1
NVD
NVD
added 2025/12/04 3:15 p.m.14 views

CVE-2025-53963

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root account has a weak default password of ionadmin, and a password change policy for the root account is not enforced. Thus, an attacker with netwo...

9.8CVSS0.00403EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/04 12:0 a.m.4 views

CVE-2025-53963

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root account has a weak default password of ionadmin, and a password change policy for the root account is not enforced. Thus, an attacker with netwo...

7.5AI score0.00403EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.13 views

PT-2025-49036

Name of the Vulnerable Software and Affected Versions Thermo Fisher Ion Torrent OneTouch 2 INS1005527 affected versions not specified Description The devices run an SSH server accessible via port 22. The root account has a default password of ionadmin, and a password change policy is not enforced...

9.8CVSS7.5AI score0.00403EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/12/04 12:0 a.m.32 views

CVE-2025-53963

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root account has a weak default password of ionadmin, and a password change policy for the root account is not enforced. Thus, an attacker with netwo...

0.00403EPSS
Exploits0References3
CVE
CVE
added 2025/12/04 12:0 a.m.18 views

CVE-2025-53963

CVE-2025-53963 affects Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. An SSH server on port 22 uses a weak default root password (ionadmin) with no enforced password-change policy, allowing a network-connected attacker to achieve root code execution. Notes across sources indicate the vu...

9.8CVSS7.5AI score0.00403EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/11/12 10:15 p.m.6 views

CVE-2025-64517

sudo-rs is a memory safe implementation of sudo and su written in Rust. With Defaults targetpw or Defaults rootpw enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10...

4.4CVSS0.0017EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/12 10:8 p.m.12 views

CVE-2025-64517 sudo-rs doesn't record authenticating user properly in timestamp

sudo-rs is a memory safe implementation of sudo and su written in Rust. With Defaults targetpw or Defaults rootpw enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10...

4.4CVSS0.0017EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/17 12:43 a.m.17 views

CVE-2025-61330

A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...

6.5CVSS7.2AI score0.00258EPSS
Exploits0References1
CVE
CVE
added 2025/10/12 10:32 p.m.17 views

CVE-2025-11649

CVE-2025-11649 affects Tomofun Furbo 360 and Furbo Mini. The vulnerability ties to an unknown function in the Root Account Handler that, when manipulated, reveals a hard-coded password. Exploitation requires local access and is described as high complexity with low privileges and no user interact...

7.3CVSS5.6AI score0.00133EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/10/09 3:43 p.m.13 views

CVE-2025-59957 Junos OS: EX4600 Series and QFX5000 Series: An attacker with physical access can open a persistent backdoor

An Origin Validation Error vulnerability in an insufficient protected file of Juniper Networks Junos OS on EX4600 Series and QFX5000 Series allows an unauthenticated attacker with physical access to the device to create a backdoor which allows complete control of the system. When a device isn't...

7CVSS0.00173EPSS
Exploits0References3
Rows per page
Query Builder